<?php
/* 
 * To change this template, choose Tools | Templates
 * and open the template in the editor.
 */

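// Start a session only when none is active. Reading $_SESSION before
// session_start() raises an "undefined variable" notice, so the status
// check is used instead of testing the superglobal.
if (session_status() !== PHP_SESSION_ACTIVE) {
    session_start();
}

// Connect to the database
////////////////////////////////////////////////////////

require_once("../../scripts/config.php");

// Load Functions
////////////////////////////////////////////////////////

require_once("../../scripts/functions.php");

// Check REQUIRED variables
////////////////////////////////////////////////////////

// The "API key" is matched against tblusers.email_address below, i.e. it is
// the caller's e-mail address rather than a secret token.
// NOTE(review): an e-mail address is generally not confidential — confirm
// whether a dedicated random key column is intended here.
if (!isset($_GET['apikey']) || !is_string($_GET['apikey']) || $_GET['apikey'] === '') {
    die('Failure: API Key is missing');
}

$set_email = GetSQLValueString($_GET['apikey'], "text");

// The caller must be an active user who may add tasks or is an admin.
// The parentheses are essential: written as a flat "... OR set_admin = 1",
// the last clause matched every admin row on its own, so an unknown key
// was accepted whenever at least one admin existed and the task was then
// created on that admin's behalf.
$sql_chk = "SELECT * FROM tblusers WHERE email_address = $set_email AND set_active = 1 AND (set_task_add = 1 OR set_admin = 1)";

$user = sqlLoad($sql_chk, $db);

// empty() also covers a non-array return (false/null), which sizeof() would not.
if (empty($user)) {
    die('Failure: Incorrect API Key');
}

// Required text parameters. is_string() guards against array-style query
// parameters (e.g. subj[]=x), on which strlen() would throw a TypeError.
$subj = $_GET['subj'] ?? '';
if (!is_string($subj) || $subj === '') {
    die('Failure: subject is required');
}

// Limit is in bytes (strlen), which matches a byte-sized column width;
// use mb_strlen() here if the column limit is meant in characters.
if (strlen($subj) > 128) {
    die('Failure: subject is too long');
}

$body = $_GET['body'] ?? '';
if (!is_string($body) || $body === '') {
    die('Failure: body is required');
}

$proj = $_GET['proj'] ?? '';
if (!is_string($proj) || $proj === '') {
    die('Failure: project id is required');
}

// Setup the default values...
////////////////////////////////////////////////////////

// Reads an optional numeric query parameter and returns it as an int, or
// $default when absent or non-numeric. The int cast matters because
// is_numeric() alone also accepts floats, exponent notation ("1e3") and
// leading whitespace, none of which should reach the SQL string verbatim.
$intParam = static function (string $name, $default = 0) {
    if (isset($_GET[$name]) && is_numeric($_GET[$name])) {
        return (int) $_GET[$name];
    }
    return $default;
};

// CreatedbyID defaults to the authenticated user but may be overridden.
// NOTE(review): this lets any accepted caller record the task as created by
// an arbitrary UserID — confirm that is intended.
$set_user = $intParam('user', $user[0]['UserID']);

$set_subj = GetSQLValueString($subj, "text");

$set_body = GetSQLValueString($body, "text");

$set_proj = GetSQLValueString($proj, "int");

$set_status = $intParam('status');

$set_type = $intParam('type');

$set_priority = $intParam('priority');

$set_assigned = $intParam('assigned');

// Execute the SQL
////////////////////////////////////////////////////////

// Text values are already quoted/escaped by GetSQLValueString; the numeric
// values are plain ints from $intParam or the "int" GetSQLValueString form.
$sql = sprintf("INSERT INTO tbltasks SET subject =%s, body =%s, CreatedbyID = %s, ProjectID = %s, set_status = %s, set_type = %s, set_priority = %s, UserID = %s",
			   $set_subj,
			   $set_body,
			   $set_user,
			   $set_proj,
			   $set_status,
			   $set_type,
			   $set_priority,
			   $set_assigned );

sqlMod($sql, $db);

echo "Success";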